This month, Amazon GuardDuty launched enhancements to several existing threat detections that will result in many customers seeing a 50% reduction in findings generated for port probes, SSH brute force attempts, and indications of DNS data exfiltration. These enhancements are now included in Amazon GuardDuty across all supported AWS regions globally.

The broad global adoption of Amazon GuardDuty and scale of coverage has helped surface common customer architectures and configurations that can produce high volumes of security alerts. These patterns have been used to intelligently enhance GuardDuty detection models in order to recognize valid use cases that were very similar to attack traffic. AWS Security has been able to pull these observations into the GuardDuty detection analytics, reducing alert volume without sacrificing coverage or security value.

These enhancements mark the latest example of Amazon GuardDuty continuously improving security value while decreasing the cost and operational overhead for customers to deploy security at scale. GuardDuty has more than doubled its detections since launch in November of 2017, with many detections going through numerous improvements and revisions over time. Amazon GuardDuty has also gone through multiple detection analytics optimizations that have resulted in lower costs for customers using the service.

To receive programmatic updates on new Amazon GuardDuty features and threat detections, please subscribe to the Amazon GuardDuty SNS topic.

Available globally, Amazon GuardDuty continuously monitors for malicious or unauthorized behavior to help protect your AWS resources, including your AWS accounts and access keys. GuardDuty identifies unusual or unauthorized activity, like cryptocurrency mining or infrastructure deployments in a region that has never been used. Powered by threat intelligence and machine learning, GuardDuty is continuously evolving to help you protect your AWS environment.